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ABSTRACT 



A network resource control system allow* network users to communicate with network 
resources, and includes a resource registry, an administration server, a proxy server* a driver 
server, and an authorization server. The resource registry includes resource records which are 
associated with the network resources and define a target address and a resource type for each 
network resource. The administration server is in communication with the resource registry 
and provides the resource administrators of each network resource with access to their 
respective resource records. The prosy server is in communication with the resource registry 
and facilitates data transfer between the nerwork users and the network resources in 
accordance with the resource records. The driver server i nc lud es driver applications for the 
network resources. The authorization server is in communication with the resource registry 
and the driver server and provides the driver applications to the network users in accordance 
with the resource record. Each driver application includes a resource driver, a driver 
administrator, and a data transmitter. The resource driver facilitates communication of 
application data between a user application and target network resources. The resource driver 
includes a driver input for receiving the application data and a driver output for providing a 
translation of the application data. The driver administrator is in communication with the 
resource registry and configures the resource driver in accordance with the resource records 
associated with the target network resource. The data transmitter is in communication with 
the driver output and transmits the translated data to the target network resource. 



NETWORK RESOURCE CONTROL SYSTEM 



FIELD OF THE INVENTION 

5 The present invention relates to a method and system for network management system. 
In particular, the present invention relates to a method and system for controlling access 
to network resources. 

10 BACKGROUND OF THE INVENTION 

Local area networks are widely used as a mechanism for making available computer 
resources, such as file servers, scanners, and printers, to a multitude of computer users. It 
is often desirable with such networks to restrict user access to the computer resources in 
order to manage data traffic over the network and to prevent unauthorized use of the 

15 resources. Typically, resource access is restricted by defining access control lists for each 
network resource. However, as the control lists can only be defined by the network 
administrator, it is often difficult to manage data traffic at the resource level. 

Wide area networks, such as the Internet, have evolved as a mechanism for providing 

20 distributed computer resources without regard to physical geography. Recently, the EPP 
protocol has emerged as means to control access to printing resources over the Internet. 
However, the IPP protocol is replete with deficiencies. First, as IPP-compliant printing 
devices are relatively rare, Internet printing is not readily available. Second, although the 
IPP protocol allows user identification information to be transmitted to a target resource, 

25 access to IPP-compliant resources can only be changed on a per-reeource basis. This 
limitation can be particularly troublesome if the administrator is required to change 
permissions for a large number of resources. Third, users must have the correct resource 
driver and know the IPP address of the target resource before communicating with the 
resource. Therefore, if the device type or the IPP address of the target resource changes, 

30 users must update the resource driver and/or the IPP address of the resource. Also, if a 
user wishes to communicate with a number of resources, die user must install and update 
the resource driver and IPP address for each resource as the properties of each resource 
changes. Fourth, access to IPP printers cannot be obtained without the resource 
adminis trator locating the resource outside the enterprise firewall, or without opening an 

35 access port through the enterprise firewall. Whereas the latter solution provides the 

resource administrator with the limited ability to restrict resource access, the necessity of 
opening an access port in the enterprise firewall exposes the enterprise network to the 
possibility of security breaches. 

40 Consequently, there remains a need for a network resource control solution which allows 
resource owners to easily and quickly control resource access, which is riot hindered by 
changes in device type and resource network address, which facilitates simultaneous 
communication with a number of target resources, and which does not expose the 
enterprise network to a significant possibility of security breaches. 
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SUMMARY OF THE INVENTION 

According to the invention, there is provided a network resource control system and 
method system which addresses deficiencies of the prior art 

5 

The network resource control system, according to a first aspect of tho present invention, 
allows network users to communicate with network resources, and comprises a resource 
registry, an administration server, and a proxy server. The resource registry includes 
resource records which are associated with the network resources and define a target 
10 address and a resource type for each network resource. The administration server is in 
communication with the resource registry and provides die resource administrators of 
each network resource with access to their respective resource records. The proxy server 
is in communication with die resource registry and facilitates data transfer between the 
network users and the network resources in accordance with the resource records. 

15 

The network resource control system, according to a second aspect of the present 
invention, allows network users to communicate with network resources, and comprises a 
resource registry, a driver server, and an authorization server. Tho resource registry 
includes resource records which are associated with the network resources and define a 
20 target address and a resource type for each network resource. The driver server includes 
driver applications for the network resources. The authorization server is in 
communication with the resource registry and the driver server and provides the driver 
applications to the network users in accordance with the resource records for facilitating 
data transfer between the network users and the network resources. 

23 

The network resource control system, according to a third aspect of the invention, allows 
network users to communicate with network resources located behind an enterprise 
firewall, and comprises a proxy server, and a polling server. The proxy server is located 
outside the enterprise firewall and receives application data from network users. The 
30 polling server is located behind the enterprise firewall and is configured to poll the proxy 
server for initiating transmission of the received application data from the proxy server to 
the polling server. 

The network resource control system, according to a fourth aspect of the present 
35 invention, is associated with a resource registry having resource records associated with 
network resources for allowing network users to communicate with the network 
resources, and comprising a resource driver, a driver administrator, and a data transmitter. 
The resource driver facilitates communication of application data between a user 
application and target network resources. The resource driver includes a driver input for 
40 receiving the application data and a driver output for providing a translation of the 
application data, Tlieadmmstrata-Jsmccmr^ 

configuration of flic resource driver in accordance with the resource records Q^^intH 
with the target network resource. The data transmitter is in communication with the 
driver output for transmitting the translated data to the target network resource. 
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The network resource control method, according to a fifth aspect of tho invention, 
facilitates communication between network users and network resources, and comprises 
the steps of: 

providing a resource registry including resource rocords associated with the 
5 network resources, the resource records including user access control data; 

receiving user access control data from administrators of the network resources 
for incorporation into the resource records; and 

depending upon the user access control data received, configuring the network 
users for communication with the network resources 

10 

The network resource control method, according to a sixth aspect of the invention, 
facilitates communication between network users and network resources, and comprises 
the steps of: 

receiving a request from one of the network users far communication with a target 
15 one of the network resources; 

obtaining resource configuration data associated with the target one network 
resource; 

determining a user authorization for communication with the target one network 
resource; and 

20 depending upon the outcome of the user authorization step, verifying a 

correspondence between the resource configuration data and user configuration data 
associated with the one network user. 

The network resource control method, according to a seventh aspect of the invention, 
25 facilitates communication between users of a network and resources in communication 
with the network, and courotises the steps of: 

providing a request from one of the netwoik users for communication with a 
target one of the netwoik resources; 

receiving from the one network user spplication data for transmission to the target 
30 one network resource, and receiving resource netwoik addresB data associated with the 
target one network resource over a communications channel secure from the one netwoik 
user; and 

directing the application data over lie network in accordance with received 
network address data. 

35 

The network resource control method, according to an eighth aspect of the invention, 
facilitates commumcation over a network between users of the network and netwoik 
resources located behind an enterprise firewall, and comprises the steps of: 

polling a proxy server located outside the enterprise firewall for requests for 
40 communication with the netwoik resources; 

receiving application data and associated netwoik resource data from the proxy 
server in response to the poll step; and 

wrecting the application data to the network resources in accordance with 
associated network resource data: 

-3- 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The preferred embodiment of the invention will now he described, by way of example 
only, with reference to the drawings, in which: 

5 

Fig. lis a schematic representation of a network resource control system, according to 
the present invention, showing die resource registry, the administration server, the proxy 
server, the driver server, and the authorization server, and 

10 Fig. 2 is a schematic representation of a driver application for use with the present 

invention, sbo wing the resource driver, the driver administrator, and the data transmitter. 



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 
15 Turning to Fig. 1, a networic resource control system, denoted generally as 100, is shown 
comprising a resource registry 102, an administration server 104, an authorization server 
106. a number of network resources 108, and a number of network users 110. Preferably, 
each nctworic resource 1 08 comprises a printing device, and the network resource control 
system controls access by the network useis 110 and the printing devices. However, it 
20 should be understood at the outset that the invention is not limited to a network printing 
control system, and that the network resource 108 may comprise any of a variety of data 
communication devices, including facsimile machines and image servers. 

The administration server 104, the authorization server 106 and the network resources 
25 1 08 are available by the network users 1 1 0 over a wide area network 1 12, such as the 
Internet. The resource registry 102 comprises a resource database 1 1 4 which includes 
resource records associated with the network resources 108, and a driver database 1 1 6 
which includes resource drivers which allow user software applications to communicate 
with the network resources 108. 

30 

Each resource record identifies a target address, resource type and user access level for 
the associated network resource 108. Also, each resource record identifies apseudo- 
name for the associated network resource 108 to identify the network resource to network 
users. Preferably, the pseudo-name is a network alias that identifies the physical location 
35 and properties of the network resource 108, but does not identify the network address of 
the resource 108. Further, although each network resource 1 08 may be defined with a 
unique pseudo-name, a group of network resources 108 may be defined with a common 
pseudo-name to allow communication with a group of network resources 108. 

40 Preferably, the user access level comprises one of a) public access" in which any user 
1 10 of the network 112 can communicate with the target network resource 108, b) 
"private access" in which only members of the enterprise associated with the teget 
network resource 108 can communicate with the target network resource 108, and c) 
"authorized access" in which only recognized users 1 1 0 can communicate with the target 
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network resource 108. Additional infoirnation/restri^ may also be 

specified in addition to the foregoing predefined user access levels, Per instance, hours 
of operation, data handling capabilities, and resource pricing may also be specified. Also, 
TeaMcrtions/permisfiions may be provided either on a per-user basis, or par-group basis, 

5 

The administration server 104 provides resource administrators with access to the 
resource registry 102 to facilitate updating of the target address, resource type, user 
access level and infoiznation^estncdoas/peniiissioiis identified in the resource records of 
the resource database 114. In the case of network resources 108 configured for 

1 0 authorized access, the administration server also allows the resource administrators to 
specify a resource name and password for each network resource 108. As will be 
appreciated, this mechanism allows the resource administrator to make adjustments, such 
as to pricing and page limit, in response to demand for the network resources 108, and to 
make adjustments to resthctions/^eTmissions/passwQrds to thwart unauthorized access to 

IS the network resources 108. 

Preferably, the administration server 104 provides controlled access to the resource 
database 114 so that the resource administrator of a particular network resource 108 is 
only allowed access to the resource records associated with the resource administrator's 
20 network resources 108. 

As discussed above, the driver database 116 includes resource drivers to allow user 
application software to communicate with the network resources 108. As shown in Fig. 
2, when a network user 1 10 is setup to communicate with a target network resource 108 

25 (to be described below), the network communication device of the network user 1 10 is 
configured with a driver application 200 comprising a resource driver 202 from the driver 
database 1 16, and a wrap-around driver layer 204. The wrap-around driver layer 204 
includes a front-end layer 206, an administrator layer 208, and a data transmitter layer 
210. The front-end layer 296 is in communication with the network user application 

30 software and the resource driver 202, and typically only passes application data from the 
application software to the resource driver 202. The administrator layer208 
communicates with the resource registry 102 over the Internet 1 12 and the target network 
resources 1 08 to ensure that the driver application 200 is properly configured for 
communication with the target network resources 108. The data transmitter layer 210 is 

35 in communication with the resource driver 202 and is configured to transmit the data 
output firom the resource driver 202 over the Internet 1 12 to the target network resources 
108. 

The authorization server 106 is in communication with the resource database 1 14 and the 
40 driver database 1 16 for providing die network user? 110 with the wrap-around driver 

layer 204 and with the resource drivers 202 appropriate for the target network resources 
108. Preferably, the authorization server 106 is configured to provide the data transmitter 
layer 210 with the network address of the target network resource 108, over a 
communications channel secure from the network user 1 1 0 so that the network address of 
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the target network resource 108 is concealed from the networic user 110. la the cue 
where the network 112 comprises die Internet, preferably die secure communications 
channel is established using SSL protocol. 

5 Typically, each netwoik resource 108 comprises an IPP-compliaiu printer. However, as 
discussed above, other data communication devices, such as facsimile machines, image 
servers and non-IFP-coxnpliant printers, may be used in addition to or in replacement of 
an DPP-compliant printer. In the case where the netwo± resource 108 comprises an IPP- 
compliant device, the network address of the netwoik resource 108 comprises the 
10 network resource IPP address. However, inthe case where the network resource 108 
comprises a non-EPP-compliant device and the network 1 12 comprises die Internet, 
preferably the netwoik resource 1 08 is linked to the netwoik 1 1 2 via a server, and the 
network address of the network resource 108 is the TP address of the server. 

15 Typically each network user 1 10 communicates to the netwoik resources 108 using a 
communication device, such as a personal computer, linked to the network 112. 
However, the network users 1 10 may also communicate to the network resources 108 
using other communications devices, such as wireless telephones, pagers or personal data 
assistants. 

20 

To facilitate communication with network resources 108 located within an enterprise 118 
behind too enterprise firewall 120, as shown in Fig. 1, preferably the network resource 
control system 100 also includes a proxy server 122 located outside the enterprise 
firewall 120, and a polling server 124 located behind the firewall 120 within the 
25 enterprise 118. Prtferabjy.thoprtncy server 122 is located qn«<iteat the enterprise J 18, is 
provided with a network address era 118, and includes a 

queue for receiving application data. However, the proxy server 122 may also be located 
off-site, and may be integrated with the authorization server 106 if desired. 

30 Typically the enterprise 1 18 includes a server 126 for communication with the network 
resources 108 located behind the firewall 122. The polling server 124 is in 
co mmuni cation with the enterprise server 126 for communication with the network 
resources 108 located within the enterprise 118. The polling server 124 is configured to 
poll the proxy server 1 22 through the firewall 120 to determine whether application daxa 

35 is waiting in the queue of the proxy server 122. However, as will be ^predated, the 
proxy server 122 and the polling server 124 may be eliminated, if desired, and a port 
provided within the firewall 120 for communication with the netwoik resources 108 
located behind the firewall 120. 

40 Preferably, the netwoik resource control system 100 also includes a transaction server 
1 28 and an archive server 130 accessible over the netwoik 112 via the adnunbtratton 
server 104. The transaction server 128 is in communication with the authorization server 
106 for keeping track of each communication request between a netwoik user 1 10 and a 
network rcsourco 108. For each transmission, typically the transaction server 1 1 8 
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maintain* records of the originator, recipient, date, time and file size of the transmission. 
The archive aexvta 130 is configured to retain copies of fhe application data transmitted, 
for a specified period. The network user 1 10 may specify whether the transmitted 
application data is to be archived, and the archive period, during a user registration step, 
5 described below. 

Preferably, the administration server 104 provides controlled access to the transaction 
server 12S and the archive server 130 so that only the network users 1 10 which originated 
transmission of the application data is allowed access to any information associated with 
10 the transmission. 

To communicate with a network resource 108, preferably the network user 1 10 first 
selects a target network resource 108, and oonfigures hs computer for communication 
with the target network resource 108. The network user 110 may also register itself with 

1 5 the administration server 104, by specifying any required information, including the 
network user's name, physical address, and e-mail address. The network user may also 
sped fy that an e-mail notice should be sent to the network user 110 after a successful 
transmission of application data to the target network resource 1 08, and whether 
archiving of the application data is desired. However, the registration step is optional and 

20 maybe dispensed with if desired. 

If no network resource 108 has been selected, the network user 110 queries the 
administration server 104, via its Internet browser, for a list of available network 
resources 1 08. The network user query may bi based upon any desired criteria, including 

25 print turn-around time and page size (where die target network resource 108 is a printer), 
price, and geography. In addition, the network user 110 may provide the administration 
server 104 with the geographical coordinates of the network user 110 in order to 
determine the network user's nearest network resources. The ability to specify the 
geographical coordinates of the network user 110 is particularly advantageous if the 

30 communication device of the network user 110 is a wireless telephone, pager or personal 
data assistant In this latter variation, the ad^nnustradon server 104 may be provided with 
the network user's geographical coordinates through any suitable mechanism known to 
those skilled in the art; including latitude/longitude co-ordinates, GPS, and wireless 
triangulation. 

35 

Preferably, a network user 1 10 will only be provided a list of pseudo-names associated 
with each network resource 108 satisfying the ti^rignatHl search criteria. Further, 
typically the pseudo-name list will only identify network resources 108 registered for 
public access. However, if the network user llO identifies itself as a registered user by 
40 entering a usemaroe and password provided af the time of registration, the pseudo-name 
list will also Identify network resources 1 08 which have been registered for authorized 
access and to which the network user 110 19 authorized to communicate. Also, if the 
network user 1 10 is member of an enterprise 118, the pseudo-name list will also identify 
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network resources 108 whidi have been registered by the enterprise 118 for private 
recess. 

Upon receipt of the resource list, the network user 110 selects a target network resource 
5 108 From die list The administmtion server 104 then queries the network user's network 
communication device to determine whether the communication device has been 
configured with the appropriate resource driver 202 for communication with the target 
network resource 108 and, if not, prompts the network user 1 10 to download the 
necessary resource driver 202. 

10 

Once the network user 108 desires to communicate with a target network resource 108, 
the network user 110 transmits a communication request via its application software to 
the driver application 200. Hie front-end layer 206 of the driver application 200 receives 
the application data, and passes it to the resource driver 202 for processing. In addition, 
15 if the network user 1 10 has not previously selected a network resource 108, the front-end 
layer 206 contacts the administration server 104 over the Internet 1 12 and prompts the 
network user 1 10 to select a network resource 108, as described above. 

The front-end layer 206 also notifies the administrator layer 208 of the driver application 
20 200 of the print request The administrator layer 208 men provides die authorization 
server 106 with a request for printing to a target network resource 108. Typically, the 
administrator layer 208 provides the authorization server 106 with the pseudo-name 
associated with the target network resource 108, a network user identifier, and a resource 
driver configuration identifier. The authorization server 106 then queries the resource 
25 registry 102 with the pseudo-name of the target network resource 108 for the associated 
resource record. The authorization server 106 extracts the user access level from the 
resource record, and based on the network user identifier, determines whether the 
network user 1 10 is still authorized to communicate with the target network resourcel08- 
If the network user 1 10 is still authorized, the authorization server 106 then provides the 
30 administrator layer 208 with the network address of the. target network resource 108. In 
the case of a network resource 108 configured for authorized access, the authorization 
server 106 also provides the administrator layer 208 with the resource name and 
password associated with the network resource 1 10. 

35 The administrator layer 208 men queries the network resource 108 over the Internet 1 12, 
using the received network address, to determine whether the target network resource 1 0 8 
stiU resides at the specified network address, is operational and is on-line. The 
authorization server 106 also extracts the resource type from the resource record, and 
based on the resource driver configuration identifier, determines whether the network 

40 user 1 1 0 is still configured fox communication with the target network resource 110. If 
the network user 110 no longer has the correct resource driver 202, the authorization 
server 106 queries the driver database 116 for the correct resource driver 202, and 
prompts the network user 1 10 to download the resource driver 202. This driver 
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configuration verification step may be performed concunemly or consecutively with the 
network address providing step described in the preceding paragraph. 

Meanwhile, the resource driver 202 translate* the application data into a format suitable 
5 for use by the target network resource 108, and then passes the translated data to the data 
transmitter layer 210 of the driver application 200. Preferably, the data transmitter layer 
210 compresses and encrypts die translated application data upon receipt The data 
transmitter layer 210 also receives the network address of the target network resource 108 
tram the driver administrator layer 208, and transmits the compressed, encrypted data 
10 over the Internet 1 12 to die target network resource 108* 

If the resource administrator has defined the user access level of the target network 
resource 108 to allow public access to the network resource 108, preferably the target 
network resource 108 is accessible through a local server which serves to queue, decrypt 
15 and decompress the application data prior to transmission to the target network resource 
108. Alternately, the target network resource 108 itself may be configured for 
transmission over the Internet 112, such as an IPP-capable printer, so that the target 
network resource 108 prints the application data directly. 

20 If the resource administrator has defined the user access level of the target network 

resource 108 to allow only private enterprise-based access to the network resource 108, 
the proxy server 122 located outside the enterprise firewall 120 receives the application 
data, and transfers the application data to the proxy server queue. The polling server 124 
located behind the enterprise firewall 120 periodically polls the proxy server 122 to 

25 determine the status of the queue. Upon receipt of a polling signal from the polling 
server 1 24, the proxy server 122 transmits any queued application data from the proxy 
server queue, through the enterprise firewall 120, to the polling server 124. The polling 
server 124 then parses die network address associated with the received application data, 
and transmits the application to the appropriate server 126 or network resource 108 for 

30 processing. 

If the resource administrator has defined the user access level of the target network 
resource 1 08 to allow authorized access to the network resource 1 08, preferably the target 
network resource 1 08 is accessible throu gh a local server which serves to queue, decrypt 
35 and decompress die application data, and extract the resource name and password 
transmitted along with the application data. The local server then transmits the 
application data to the appropriate network resource 108 if the received resource name 
and password arc valid 

40 Regardless of the user class defined for a network resource 1 08, if the resource 

administrator relocates the target network resource 108 to another network address, 
and/or changes the device type and/or restrictionsVtermwsions of the network resource 
108, the resource aoVninistrator need only update the resource record associated with flic 
network resource 1 08 to facilitate communication with the network resource 108. 

-9- 
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Subsequently, when a network user initiates communication with the network resource 
108 with the original pseudo-name, the authorization server 106 provides the 
administrator layer 208 with die updated network, address of the network resource 108, or 
prompts the user 110 to download the appropriate resource driver 208, if the network user 
5 1 10 is still authorized to communicate with the network resource 1 08. 

In the ease of network resource 108 configured for authorized access, if the resource 
administrator desires to change the device name and password associated with the 
network resource, the resource administrator need only update the device name and 

10 password provided on the resource record. Subsequently, when a network user 110 

initiate? commutation with the network resource 108 with the original pseudo-name, 
the authorization server 1 06 provides the administrator layer 208 with the updated 
resource name and password of the network resource 108, if the network user 1 10 is still 
authorized to communicate with the network resource 108. A network user 110 who is 

IS not authorized to communicate with the target network resource 108, will not receive the 
updated device name and password from the authorization server 1 06 and, consequently, 
will not be able to communicate with the target network resource 108, even if the user 
110 knew the network address for the target network resource 108. 

20 The following pages identify further details and benefits of the preferred embodiment. 
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^OVERVIEW 



A mechanism for easily identifying, controlling, and using personal contact 
information is disclosed. The first embodiment of this method is the support of remote 
printing devices available through the Internet or internal Intranets is disclosed. A Global 

5 Registry is used to control access to and Catalog User contact information and Internet 
Printer Protocol ready printers as well as Proxy enabled standard printers. The invention 
uses the Global Registry to broker interactions between the users, their contact 
information, including the available printers. The invention includes the use of a wrapper 
layer of software around standard O/S print drivers to allow current application 

10 technology to be Internet print enabled. The user of the invention is shielded from the 
complexity and risks of maintaining the current status of those wishing to contact them 
directly or by printing to a remote printer across the Internet. The providers of the 
remote printers are shielded from the risks of providing a c ce ss to their printers and 
network resources. 

2Global Registry 



The Global Registry is a central location on the Web that allows Users to register 
personal information, including physical location, phone numbers, cell phones, pagers, 
fazes, internet aware printers and other information. This registered information is 

20 protected by passwords, known only to the person registering the information 
(registrant). The registrant identifies a list of other registrants of the Global Registry that 
they grant access to, and what aspects, of their personal information that they grant that 
permission. This permission is also password controlled/ and can be limited by factors 
such as date, elapsed time or access count. The depth and type of information revealed to 

25 other registrants can also be controlled on an Individual basis. For Instance contact 
information granted to family members could be different from that granted to co- 
workers or customers. 

The registrant can update the contact information at the central registry whenever any 
aspect of their contact information changes. These changes are then automatically updated 
30 for the other registrants who have been granted access to this information! when they 
establish contact with the central registry. This gives the registrant a single location to 
update information, ensuring that those granted permission to contact them, can always 
get current information. 

The first implementation of the method disclosed, is the printerOn System, which is 
35 designed to manage And control contact to individuals and organizations through internet 
enabled printers and fax machines. This same method is applicable to other contact 
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information tuck as email addresses, pager numbers, physical location, phone numbers 
and other information the registrant might wish tD share. 



3printerOn Overview 



*a PrinterOn 

priaterOn is the name of a system of Web based components and drivers that allow 
current, normal, commercially available Applications to gain controlled, protected 
printing across the Internet to remote printers. PrinterOn is a sample implementation of 
the Global Registry method. 

PitTKTERON Main CQMPn^NTS 

Registration Server . The Registration Server is a Web Server site that supports the 
registration of Printers and Users as well as the definition of User or Printer groups. It 
also provides a portal for the provision of advertisement information and sale of 
merchandise to the registered base of users for any services or products of interest to the 
IS users. 

K *flH SgfTfff - The Name Server is a Web Server that supports the identification of 
the appropriate printer IP address for the use of the printerOn Driver and the validation 
of the User's privileges 

PrinterOn Driver - The Driver k a Client Application that looks like a standard 
20 device driver that encapsulates the actual printer driver on that O/S, and provides services 
to route the print stream to Internet Printers. 

Prow Server - The Proxy Server is a Web Server that supports the spooling, 
encryption and compression of printer data streams to the appropriate printer IP address 
for the use of the printerOn IPP Print Server. 

25 GtoWPlfattegirtiy - The PrinterOn Global Print Registry is a repository for all 
of the registered Printers and Users that controls and grants permissions to the users of 
the system based on the PrinterOn printer settings. The Registry is based on a database 
m orinl -with the accompanying Active Server Pages controlling the transactions. 

3.3 PrinterOn Re gistration Srrvrr 
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The PrinterOn Registration Server supports the registration of both printers and users 
Into the PrinterOa system. The registration of a user consists of entering information such 
as their Name, e-mail address, real address and the IP id e ntifi cati on of their device. 

The Registration Server is the main Web interface between Users and the PrinterOa 
5 system. 

The registration of a printer, consists of identification of the user definedPrinter Alias 
Name, the IP address of the printer, the PrinterOn class of the printer (Public, 
Authenticated Public, or Private)! and if the printer has been identified as Private, who 
is allowed to print to the registered printer. 

iM printerQn Name server 

The PrinterOa Name Server provides several services to the PrinterOn System in 
direct communication with the PrinterOa Driver. 

In the normal printing process the Name Server would respond to a request for the 
address of the Printer Alias with a resolved IP address and DNS name for the printer, if 
IS it was available to that user. If they were a registered user they could see the Public and 
Authenticated Public printers in the Registry, filtered as they saw fit. The user could only 
get a response to a private printer if they were on the list of users associated with that 
private printer or had access to the printer account and password of the private printer. 

3,5 PmnterOn Drivers 
3<s.l Global Print Driver 

The PrinterOn Global Print Driver is a code wrapper that encapsulates a Standard 
O/S Printer driver with a layer that communicates through a standard Port to the Web. 
The driver supports the 1PP standard protocol and the interaction with the Name Server. 

The Global Print Driver is composed of four parts, the Driver Control, the Port 
23 Monitor, the IPP printer communication and the IPP print server data stream control. 

The novel item is the implementation of a printer dziver that passes information 
through to a Standard O/S Printer driver, while making use of communication with a 
Website. 

A method of controlling the processing or printing requests to a Windows 95, 98 or 
30 NT print driver by encapsulating a standard Windows print driver, with a layer that 
functions as a print driver at the interface, but, allows for control of the print data stream 
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being passed to windows/This allows for additional processing of the data stream after it 
has been passed to the driver layer by any Window* application and also the addition of 
information or redirection of die print driver output from a local printing process to a 
remote IPP printer. 



3s5.2 universal Print Driver 

The PrinterOn Universal Print Driver adds a set of standard O/S Printer drivers built 
into the driver layer itself, that support the basic data streams for printing to a wide range 
of printing devices. The idea here is that the printer driver can not only handle control 
and permissions in a Web environment, but also support printing capabilities to a range 
10 of printers without the user needing to install driven for those printers locally by 
themselves. 

3.6 PrtnterOk Proxy Server 

The printerOn Proxy Server is the provision of IPP services to those users who do not 
wish to expose their IPP printers outside of a firewall, it also provides services to those 
IS who do not have IPP enable printers or servers, but, wish to receive prints over the 
Internet. 

The Proxy server has three components in the design of this subsystem. The first 
component is an add-on part of the PrinterOn Driver. This part allows for the 
compression and/ or encryption of a data stream in the pass-through printer component 
20 of the Global or Universal PrinterOn print drivers. 

The second component of the PrinterOn Proxy is a Web location associated with the 
printer Ormet site thai identifies a queue for the printerOn Proxy Printer. The queue is 
monitored by the printerOn Print Server and if data appears in the queue, the Server 
initiates a download of the data from behind the firewall, at the printer location. This 
25 solution means that Administrators can provide the services of an IPP printer without 
opening a port through the Firewall of their network. 

The third component of the printerOn Proxy is the printerOn Print Server that is 
located at the sice of the Proxy Printer. This server supports the decryption and expansion 
of the data stream being spooled from the Proxy Queue and fVn passes this to the printer 
30 connected to the server. This means that data streams that are IPP compliant as well as 
others may serviced by printing devices that do support the IPP capabilities. 
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3-7 RfiGlSTRY 



3.7.1 Global Print Driver Registry 

The Global Print Registry 19 the database of registered Printers and Usen that 
comprise the printerOn system. The level of indirection provided by this registry 

5 allows for the insertion of many services and capabilities not supported by standard 
IPP printers or other Internet printing solutions. The use of both User and Printer 
Aliases meant that the actual physical connection or the physical device behind that 
alias can be moved, reconfigured or changed widiout changing the appearance of the 
alias at the user level. The Administrator of the system can modify and maintain ft 

1 0 distributed group of printers over the Internet, simply by accessing the single registry 
location. The use of die alias also ensures that the publication of the address on a 
website, business card or directory is a viable alternative as the alias is controlled and 
mapped to the chancing network underneath. Even physical location can be easily 
changed This means that printing can work at the same virtual portal style that users 

15 have come to expect from browser access to the Web. 

The use of printer IDs and user Ids in the system, in conjunction with passwords, 
means that the use of the internet printers can be controlled, and modified from the 
same central registry. 

20 



4printerOn Process Discussion 



4,1 REGISTERING A ffjflfrmR 

4.1.1 Registration of an IPP Printer 

25 PrinterOn as a system is centered around the internet printer. Unlike standard systems 

that focus on the user and permissions PrinterOn is unique in that it is printer centric. 
The printer is given an identification and is registered in a central registry, with a level of 
security and if necessary, a list of users that may be granted permission by the printer 
itself, to use the printer. This is a unique level of active security to control the use of the 

30 printers. To accommodate this level of security, printers that have an IPP interface must 
be registered within the PrinterOn system. This registration is entirely in the control of 
the Administrator of the printer, both in initiating the registration and in mainraimn^ the 
nature and type of printer at that location. 
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The PrinterOn Prinier Registration consists of fields such as: 

• The unique printer identification 

• The Organization and location 

• Printer's printerOn Alias 
5 • The Printer's IP Address 

• The Printer's URL 

• PrinterOn printer type (public, public authenticated, private) 

• Pen Mapping Parameters for printerOn 
. • Printer Model and Make 

10 • Printer Driver URL 

• Administrator ID and Email 

• Administrator Password 



Once a printer has been registered, if it has been identified as a Private Printer, 
15 additional information on the Registrants that can locale and use that printer can be 
entered. These Registrants must be registered users of the printerOn System with entries 
in the Global Print Registry. Once the Registrants have been identified as having access 
to the Private Printer, then they can use this printer as any other printer. The access to 
the Private Printer can also be controlled by individual passwords for each of the 
20 Registrants. The major advantage of this system is that the printer Administraro rs can use 
the Global Print Registry to control access and use of Private Printers through a single 
central location. The only other alternative for control of access to IPP enabled printers 
is through password control on the individual IPP servers, which must be configured 
bdividuaUy on each of theservers locally. This gives Administrators the ability to control 
25 a geographically dispersed set of Private Printers quickly and easily. 

11-0.1 Registration of aNon-IPP Printer 
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If the user has a printer thai does not have an IPP Server or is not enabled with IPP 
technology, the printerOn system provides the ability to provide an IPP Proxy for 
connected printers. If the user registers a printer and identifies it as a non-IPP printer, the 
printerON.net site can provide a printing queue to store and process data transmitted 
5 across the internet. If users of the printerOn system print to that printer the Proxy 
services in the printerOn Print Driver are enabled and the data is known to be being 
transmitted to a non-IPP printer and is routed to the printerOn.net site. From there the 
data is queued and sent on to a printerOn Proxy print server located at the non-IPP 
printer's location. This Print Server then formats the data stream and forwards the 
10 information to the printer. 



1 1.0.2 Printer Groups 

The printerOn.com interface allows for the registration of a Group of Registered 
Printers. This Printer Group consists of a series of printers that have been registered in the 
Global Print Registry associated and given an Alias by the User. This grouping of 
15 Registered Printers gives the user of the system the ability to print to a set of IPP Printers 
simultaneously, through their standard printing interface. The user simply «Wif HM the 
printerOn Printer Group as their printer in their application printing dialog, and the 
resultant print is sent to all of the Registered Printers in that group. 



20 



If the Group of Registered Printers includes Fax locations, those faxes will be 
simultaneously sent along with the prints to the appropriate fax machine. This means thai 
printers and fazes can be mixed within a single information exchange. If there are several 
fax locations, these can be touted to a fax distribution center for further forwarding to the 
actual fax devices. 

n.0.3 Registrant Groups 

25 The printerOn.com interface also allows for the registration of a Grouping of 
Registrants. This would enable work groups or company divisions to identify a group of 
people that could as a class, be granted access permission to a given Private Printer, 
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The users of the printerOn system muse register with the Global Print Registry to 
ensure that they can use the full features of the printerOn system. Users log onto the 
printerQn.com website and enter the User Registration information to ensure the 
printerOn system can recognize them and identify which printing capabilities are available 
5 to them. If Users do not register* then they can only use the Public Printers listed in the 
registry. Once the users have registered they are considered to be Registrants in the 
printerOn system and can have access to Authenticated Public printers and those private 
printers that they hove been granted access to- 

The data captured during the printerOn Registration of a User such as: 

10 • A unique User Registrant identifier 

v A Registrant name 

• An address 

• A valid email address 

• An assigned Registrant password, emailed to the above sdHrfrc 
15 • Default printerOn settings 

• A fax alias 

• A phone number 
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PrinterOn Process How 
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8.1 Finding a Printer 

8.1.1 When Printing 

5 When die user identifies chat they wish to print from an application using the 
printerOa driver, the can either identify the printer from their favorites list, type in the 
Printer Alia* or invoke the Search Browser to look for a printer in the Global Print 
Registry. 

Once the user has identified the printer thay wish to use, the printers characteristics 
10 are ch e ck ed co determine if the user has a printer driver for that device, if the printer is 
online through an IPF status check and if the user has permission to print to thai device. 

If the user has the appropriate driver and permission, the printerOn Printer will 
become the default printer for that application and workstation, ready for printing. 

For Registrants of the printerOn system who wish to use advanced search techniques 
15 during a printing job searches can be done by available printer types, geographic location, 
delivery capability, job quality or by a reverse bidding process. This reverse bidding 
process consists of comparing Registered Printer capabilities and pricing with the 
Registrants request for services and providing the Registrant with a best fit solution. 

8.1.2 WhenOniinetoprinterOn.com 

20 When the user is accessing printerOn.com they have the ability to search for printers 
available to them, they can search either geographically, by printer model or by printer 
type and permissions. 

The user also has the ability to undertake the same advanced ^^in^ techniques for 
printing resources that axe available from the printerOn Driver interface. These can 
25 involve detejraination of the best price for a printing job, the closest geographic location, 
perhaps fastest delivery or closest match to the required capabilities* 

Once they have located a printer, they can choose to add this printer to their List of 
Favorites in the printerOn Driver 

$.2 Printing a Don tmpts^ 
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When the user is printing from an application, they can use the default selection or 
choose a new printer from their favorites or browse the printerOxLnex website for a 
printer in the Global Print Registry. 

Once a printer has been identified the printer IP address is communicated in an 
5 encrypted message to the printerOn Driver and the user may print to this Remote F rinter. 
When the print is initiated the printerOn driver will communicate with printerOn.net 
to ensure that the permissions and printer status and location are valid. 

If the response to the communication indicates that the printer has been changed, the 
printerOn driver will check the local system for an appropriate printer driver for the 

1 0 newly installed printer. If it is not available then the printerOn driver will request a copy 
of the appropriate driver from printerOn.net. If the printer driver is not available at the 
printerOn.net site, the printer Administrator will be notified and the Registrant will be 
asked to find a copy of the appropriate driver. If the driver is available, then the printerOn 
Driver will download it to the Registrants machine and continue with the printing 

15 request, 

The printerOn Driver then allows the data stream from the application to pass- 
through to the printer mo d el device driver for processing. Once this is completed the 
printerOn driver then gets the dan stream from the driver and packages it up into an IPP 
data stream or a Proxy data stream for a non IPP printer. The IPP layer of the printerOn 
20 driver then initiates an IPP session with the actual remote printer confirms it's status and 
sends the data. The driver then in parallel, sends a transaction record to printerOn.net to 
record the printer usage and statistics such as number of pages, transmission time and 
other statistics for accounting and administration purposes. 



2s Identified Vertical Market Application for 

PrinterOn 

9,1 OVERVCTQFAPPLinATr^ 

• Universal Use - The Universal use applications are those that are generally 
applicable to all printing applications. 

30 • Wireless Applications - The Wireless applications are those services and 
capabilities that enhance the use of wireless devices. Such as interactive pagers or 
cellphones 
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• Fax Substitution - The Fax Substitution is the provision of services that will 
supplement or replace the normal fax transmission process. 

• IPP Server Enhancement - The IPP Server Enhancement applications are services 
and capabilities that expand the use and function of the IPP standard printers, 

5 • Reprographics - The Reprographics applications are those that enhance the 
commercial printing and services market 

5.1 UntversalUsr 

5.1.1 Hotel Guest Printing 

For business travelers who need printed data, but do not bring printers with them, 
10 hotels can register an IPP printer with printerOn.net. When a guest arrives at the 
hotel, he or she can be assigned a valid printerOn userlD and password by a Printer 
Administrator at that Hotel through the printerOn.com Website, that will allow 
access to the hotel printer for the duration of the guest's Stay. printerOn will broker 
access to the printer in such a manner that it remains secure. printerOn can provide 
15 the hotel with the option of tracking printer usage for guest billing purposes. Guests 
can print from their rooms through dial-up internet connections using printerOn.net, 
and pick up their output at the front desk If they wish they can also print a cover page 
on each of their print jobs, identifying who the print is to go to. 

20 Once the guest has been registered with printerOnxom their access to the printer will 
be automatic for the duration of the configured access. The printerOn driver will 
substitute the password for the printer into the print request from the guest's 
application, lie hotel can then get a record of the guest's printing activity lor billing 
purposes. 

25 
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5.1.2 White Pages 

printerOa.net will act as a search engine for IPP print a d dre sses, allowing users to 
always locate the appropriate device even as servers and printers are being replaced or 
5 moved. Organizations can update the parameters for registered printers at 

printerOn-net to minimiV^ disruptions, in service for those authorized to access their 
printers. This means that system administrators can reconfigure or replace physical 
printers, while retaining the permissions! passwords and Printer Aliases for the 
Registrants. The Registrants will not necessarily even be aware that the physical 
10 printer that they use has been changed- 

5.1.3 Distribution Groups 

printerOn allows the creation of a logical Primer Group, so that users can send a copy of 
a document to a number of people or printers in one step. By printing to the group, a 
IS copy of the printout is automatically duplicated by the printerOn Print Driver by 
recursively printing and sending to each device belonging to the group. The standard Print 
Driver needed to print to each member of the group will be detected and inserted as In the 
single device printerOn process. 

5.1 A Pato-For-Papers 

20 printerOn.net can broker physical prints of an organization's purchased reports 

directly to a consumer's output device^ saving the time and cost of shipping hardcopy 
versions. There is no intermediate, electronic form that may be copied, and the report 
is available immediately. 

The provider of the reports, can request the IP address of the customers printer, or ask 
25 that the customer register the printer as Private, Then the provider can print to the 
printer, with a record of the transaction being available to show delivery. 
If the person requesting the print wisijes, they, can have the print stream information 
forwarded to a local printing shop to be picked up or forwarded. 

flol.5 Print/Fax Archival 

For clients who require records of faxes or IPP prints, but lack document archival 
software, printerOn.net can host a copy of print jobs for a period of time. The prints 
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can be regenerated or retrieved on Remand by those with suitable password acres*. 
printerOn .net will also work closely document management companies to provide 
similar capabilities for larger organizations with a higher degree of IT strategy. This 
capability can be supported by the jprinterOn system, because the printerOn driver is 
capable of producing multiple renditions of a single print request, one of which can be 
routed to an archival process. 



5.1.6 FOLLOW-ME PjONTER 

Registering with printerOn ensures that faxes or prints always reach recipients who 
1 0 change their locations. Corporations can be certain that output will find traveling, 

former, or vacationing employees, and can also redirect prints for absent employees to 
suitable alternates. An individual registers a virtual IPP address with printerOn. This 
virtual IFF address is the one they pqpose to the world. As they change locations, as 
the Administrator of their printer Jthey can visit the printerOn Web site and redirect 
15 their virtual IPP device to the IP address of the physical print device at their current 
location. !■ 



20 



30 



35 



5.2 Wireless Appltca^on 



5.2.1 Printing Wifeless EMAIL 



For business travelers who recervej^mail, printerOn will have integrated solutions 
with wireless daxa services that allow the recipient to print a copy of the message on an 
IPP printer. The wireless user can!' specify the printer they want to use* or can rely 
upon printerOn services to locate a suitable printer based upon geographic location 
and other requirements* Geographic location may be established by several means, 
25 including GPS, wireless cell triangulation, or manual entry. 

5.2.2 Obtaining eLail Attachments 

E-mail attachments can be printed). directly to'printers rather opened in the 
programs they were created in. W^rifiess devices, such as Internet-enabled cell phones 
and wireless modems or pagers, cwa ;thus alert the user of a received attachment 
without needing to deliver the conten ts to the device* The business traveler can request 
that the e-mail be forwarded to prWerOn.net with a request to output the message and 
attachment on a hardcopy primerj Thi» hardcopy may be a fax ™<"-Hn*. public, 
private or Virtual IPP printer. printerOn will also be able to obtain the geographic 
coordinates of a wireless device either from a <SPS or cell phone locating service to 



i 
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automatically route the prints to the nearest printer, or provide the user with a list of 
nearest printers to choose from. 

5.3 FAX SUBSTITUTION • 

553.1 Improved FaxISig 

prlnterOnjiet can replace fazes, with 1 high quality prints thai retain fine details 
traditionally lost using fax machines. An IPP printer can be registered along with the 
fax number(s} for which it is a substitute. Clients can cross-reference these &x 
numbers (which are commonly avaflikble) into IPP print addresses to send high quality 
fax-equivalents to business paxtneril j£rinterOn.nei is capable of determining when a 
fax number does not have an IPP equivalent, and dropping into standard fax mode 
under these circumstances. .! 



10 



If numerous real fax locations are identified) then faxes can be routed to a fax 
15 distribution center for forwarding.* -• 

ji 
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5.4 IPP Server ENHANcjjK 



SIRS I 



5.4.1 IPP Printer Adapter 

it i ■• 

printerOn can create virtual IPP printers for companies whose printers are not IPP 
20 compliant, or who lack the experdsejjto set up an IPP device. Corporations receive an 
application that runs on their Windows NT, 2pOQ, or Linux print servers that allows a 
printer to behave as a virtual IPP {jrjnter when used in conjunction with 
printerOn.net. This application communicates with the printerOn Web site to 
convert IPP print requests from any;kource into a print request for non-IPP printers. 



5.4.2 Pen Mapping! t 

TheprinterpnDriver creates a jds^nition table to map the data stream baingpresented 
to the Print Driver Interface to any} of several standard or custom definitions. This means 
that the color of the objecca can be mapped to other colors or grayscale, the thickness of 
lines can be mapped, the fill patterns used can b? modified or mapped to color or grayscale 
fills. In theprinterOn system, beeausfe the driver knows the capability of the final printing 
device, the printerOn driver can automatically- map the data input from the Application 
to an appropriate output stream firjthat printing device, without any modifications or 
intervention with the originating Application. If the printing device is a black and white 
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printer, colon can be mapped to griyjicale fills;or patterns. If the resolution of a printer 
is less than the original data, then filipjatteras can be modified to accommodate the lower 
resolution* 



554.3 



IPP FIREWALL! 



GE 



For companies with security concerns over "pushing" data through their firewalls, 
printerOn can expose a printer wit^qjiit opening a port in the firewall. This is 
accomplished by an application on ^fe company's server that "polls' 1 the printerOn 
service to identify when a print request has been made. It then pulls that data securely 
through the firewall, rather than alj&jWing it t6 : be pushed through. 



5.4.4 



IPP Data Op 




HON 



To decrease the use of expensive or slow Internee bandwidth, printerOn offers a 
service/product combination that wfll optimize data transfer for IPP print 
applications. The printerOn driver < ian compress the print data stream before 
transmission. printerOn software pii| the receiving IPP server performs 
complementary decompression to pijpvidc the necessary print data to the printer. The 
printerOn driver will "handshake"; with the print server to establish if this service is 
available on the printer, and automatically usejit when appropriate. 



the printerOn Proxy provides a 
respond with a "ready* signal to 
will then queue the data and 
becomes available. 




5.4,5 IPP DATA Q 

To reduce printing bottlenecks caws|kjby slow Internet connections or large print jobs* 
: — °^ ^ - J — ijoft in which the printerOn.net Web site can 



5 waning to print to an IPP printer. printerOn 
; bansmissipn of the print request once the printer 



30 



s.4.6 ipp dns f];; ;;| 

For smaller or g an iz a ti o ns requiring fiPomain jjlame Server support (a requirement for 
remote printer access), printerOuM jwill act &s a global DNS. This will simplify the 
process and reduce the cost of eaqpdsing IPP printers fox the average company lacking 
the technical expertise or the fi«"Ji4ai rationale for building a DNS. 



I l! 



-28- 



CA 02299824 



10 



15 



20 



25 



30 



5.4.7 Print Identtf p 

To provide some context for the p. ' 
tost on the printed document or pi 
destination of the document. This 
such as the time, date, who printed 
document. 



5.4.8 



Print At 



mart 

, r 

\ transaction, printerOn can either place header 

\ a cow sheet to identify the source and 
it headej||or cover sheet con Include information 
t document, and who is expected to receive ihe 



[cati6n 



printerOn can verify the authent 
key encryption, and other accep 
reliance on courier and fax trans 
recipient of a print job is able to cH]d 
printerOn.net registry* Reprints < 
for a period of time, and audit tr 



of 



a prir r .submission through passwords, public 
ndchanisxns. This further reduces the 
m as a n eons of validating transactions. A 
docum ait validity according to the 

of authenticated documents are retained 
available permanently. 



5,4.9 



Printer ago 




ankt 



To help organizations monitor cox 
printerOn.net can record all prints 
Customized reports for flxiriiring pjj 
flagged, and e-mail notifications ctii 
checking. I • 



5.4.10 PiunterUse 

Critical documents can be printed 
slow data transfer. The printerOn 
printerOn users to whom they 
a user that is identified as being 
servicing, or may even terminate 
printer owner's configuration. 



5.4.11 Paper Size FilTERiNfi 
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mables and track costs among departments, 
ctivity bp user, account code, and printer, 
oses can'be generated, unusual print behaviors 
~ sent tcja designated contact when supplies need 

f 

; f rather [than be delayed by long print jobs or 
m allows the printer owner to identify 
give priority access. A print request from such 
hrity flrill be given preference for next 
ipt) t jje current print job depending upon the 
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To ensure thai the correct paper j 
owner of the registered printer can-i 
opposed to what page sizes axe i 
are actually installed in the device, 
ensure that the user has const 
condition from occurring. Alte 
the print job so that it fits on the ay 

Note that similar applications < 
and white printing, and folding (si 



5.4.12 AUTOMAIIC: 

printer On will ensure that the pj 
thereby prevent the user from p 
Global Print Registry allows an; 
can install or use an appropriate 
driver, the system will autoi 
the global registry database, 
entirely block the print attempt, 



5.4.13 Notification and 




$ 

l or the r* note printer is selected by users, the 
ientifrto irinterOn what page sizes are valid (a 
i»Uy possible). Typically, these are the sires that 
ten prin Ipg from the printerOa driver, we will 
' r pape '^election to a valid size to prevent this 
r , prin erOn can automatically scale (or resize) 
table pap tf, 

*> • . A 

\6z media (paper, vellum, mylar etc), color/black 
ties', punci da, fold type, etc). 



Di |tvER Validation 

|nd prii ijter driver are compatible, and will 
~g inco rect output. To guarantee this, the 
search fcr a printer to discover its type, so they 
t c driver, furthermore, if you use the printerOn 
check tb |currently selected print driver against 
provide aiwarning of incompatibility, or to 



To eliminate uncertainty, m 
successfully, and can inform the 
He system can be configured to 
notifications and receipts. T m 
the physical location and URL oft 
for whom ft was printed. 
Upon completion of a print, the 
site to record the statistical data 
creating e-mail notifications and 
may request a receipt in the print i 
a receipt if they have configured 
is generated if the user has em 
driver. A printer owner can i 
notification, or receive nottficati 
requested. 



B$c: 



UPTS 



can assiu e/the sender that the document printed 
ijttpt that |i document has arrived at their printer, 
je wjor enfc irce the generation of print e-mail 
•these merges would contain information such as 
' printer, doe number of pages, who printed it, and 

it xnonxtc r\ will interact with the printerOn audit 
ed to the print job. The audit site is capable of 
jipts incoi pjorating this s^tistical data. The user 
iver user i interface, or may choose to always obtain 
jr account jjjppropriately. A recipient notification 
iele-mail i lodress of the recipient in the print 
jre| their account such that they always receive 
t the eve jjc that an explicit notification was not 
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5.4.1 4 CONFIGURATI< »k-#RO BP PRINTER NAMING 

To guarantee the lon^cerm validity jbf a URL lodress while allowing printer owners 
the freedom to change printer path f pxinterG ajnet allows owners to create an alias for 
a logical printer. This alias reniaiiwualid despi tje changes to a host domain* servers, 
printers, or server configuration. Wf**** of priujderOn«net and the printerOn driver are 
shielded from configuration change}/, allowing printer administrators the freedom to 
modify their environment without impacting published URL printer names. 



5.4.15 Printer] 

For companies concerned about 
inappropriate use of equipment, 
printerOn allows the printer <v 
method is to restrict access to the 
provides a mechanism for rrackin] 
behavior. Another unique prini 
"denial" basis. Most access gram 
(printerOn supports this model) 
printer that says "anyone can use 
is important since IFP printers pi 
environment is no longer contra 
huge. 

5,5 Reprographics 



Lvirig unsofidted information (■spam") or the 
1 nting hate messages, pornographic images, etc), 
to track oviblock this type of behavior. One such 

onlyifp registered printerOn users. This 
i^approprMe print users, which discourages poor 

concept p die ability to grant access on a 
protocols] identify who is allowed to use a service 
Tt also provide a means of controlling access to a 
jji printer EXCEPT for the following users..,". This 
" - s a new problem for primer administrators... the 
I* (as in a c |rporarion). Rather, it is the world at 



5.5.1 



Large Foi 



The printerOn driver can assem 
and apply the appropriate Printe: 
the target printer. If the choke of 
manufacturers control envir 
of Job Control codes to match the 
intervention. 



5.5.2 Printing. 



, i 

[jr pIeon: :|ijob Submission 

print jobs from the Application printing process 
>b Qontrc Ifwrappera, depending on the nature of 
Etpilt location involves the use of a different printer 
> then the; printerOn driver can use a different set 
output device, without user 
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El* 1 

Small print shops, can register a Kan? public 
customers who lack the equipmentibr skills to 
customer can then obtain the harder - 
would contact the Print Shop, whoJ| 
UserlD and Password. The custo: 
desktop^ which interacts with prim 
access to the Print Shop IPP prim 
expires. 



5(6.3 



printer with printerOuiet to serve 
it their specialized documents. The 
m the print shop. The customer 
use printerOn with a time limited 

the printerOn driver on their 
Validate and provide a temporary 
(Once the print job is complete, the access 




Print Forwarding 




An application for the remote 
with good availability to the 
printer. This means thai 
establishment near a courier hub 
hardcopy, without the necessity 
It would be printed and distribui 




cougar 



The foregoing description is irn 
present invention. Those of 
and/or modifications to the desoribi 
described herein, are encompassed 
the claims appended hereto. 



product hardcopy output at a site 
n, if that destination does not have an IPP 
be 1 1 f£nted remotely to a printing 
can distribute the resultant 
ike hardcopy and bringing into the hub. 



ive of the preferred embodiment of the 
certain additions, deletions 
^ wtokh, although not explicitly 
or scope of the invention, as defined by 
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WE CLAIM: 



1 . A network resource control systx^ 

between network users and network resoifi j jes, the 

a resource registry including resoun \ a records 
the resource records defining a target addr^q and a 
resource} 

an administration server in coi 
administrators of each said network resi 
records; and 



for* 



a proxy server in communication 
transfer between the network users and 
records. 

2. A network resource control 

between network users and network res< 
a resource registry including resou| 

the resource records defining a target 

resource; 

a driver server including driver 
an authorization server in 



communication over a network, 
irk printing system comprising: 
iciated with the network resources, 
type for each said network 

h the resource registry for providing 
L - to respective ones of the resource 

: registry for facilitating data 
ources in accordance with the resource 



Dr allowij it communication over a network, 
, the n< ijfrork printing system comprising: 
rds;i£sod 




irecor 



; and are 



resource records for facilitating data c; 
resources. 

3* A network resource control ; 
between network users and network re 
network printing system comprising: 

a proxy server provided outside \ 
for printing; and 

a polling server provided within 1 
polling the proxy server for initiating 1 
proxy server to the polling server. 



loawii 



oriated with the network resources* 
esource type for each said network 

ins for the network resources; and 

it i [the resource registry and the driver 



server for providing the driver appUcauoxttijji o the net work users in accordance with the 
j_ * -I- • r ' between the network users and the network 

1 allowi d k communication over a network, 
t locacfe 1 Jbehind an enterprise firewall, the 



enterprise 



jon o: 



4, A network resource control systei|Jfer allowiHfc communication over a network, the 
network printing system being associated] frith a resqi roe registry including resource records 
associated with network resources for alia Sing netwjxrk users to communicate with the 
network resources over the network, the | grwork printing system comprising: 

a resource driver for facilitating col Smunicatl & of application data between a user 
application and target ones of the networi resources, pie resource driver faclmting a driver 

-33- 



r 



rewaU for receiving application data 



^terprisepthe polling server being configured for 
" jhe received application data from the 
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input for receiving the application data 
application data; 

a driver administrator in communit 
of the resource driver in accordance with 
network resources* and 

a data transmitter in mmmunicario; 
translated data to the target one network 

5. A method for facilitating 0 
network resources, comprising the steps 

providing a resource registry incUu 
resources, the resource records including 

receiving user access control data 
incorporation into the resource records; 

in accordance with the user access 
communication with the network resoi 

6. A method for facilitating commi 
network resources, comprising the 

receiving a request from one of 
of the network resources; 

obtaining resource configuration 

determining a user authorization 
resource; and 

in accordance with the user authoi 
resource configuration data and user 

7. A method for facilitating o 
network resources, comprising die 

providing a request from one 
one of die network resources; 

receiving from the one network 
network resource, and receiving resource 
network resource over a ^^^nior 

directing the application data 
address data. 



8* A method for facilitating commi 
network resources located behind 




it for providing a translation of the 



e resource registry for configuration 
tords associated with the target one 



output for transmitting the 



network, between network users and 



i records associated with the network 
itrol data; 

itors of the network resources for 
1 datq ; configuring the network users for 



ion ova i network, between network users and 

cork u > irs for communication with a target one 

associau & 1 with the target one network resource; 
common l ration with the target one network 

ig a correspondence between the 
associated with the one network user. 

network, between network users and 

iers for communication with a target 

n data for transmission to the target one 
data associated with the target one 
from the one network user; and 
in accordance With received network 



network, between network users and 
comprising the steps of: 
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polling a proxy server located out 
communication with the network resourc 

receiving application data and 1 
in response to the poll step; and 

directing the application data to 1 
network resource data. 




ft in rise firewall for requests for 

resource data from the proxy server 
h i tources in accordance with associated 



emu 
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